Suzuki has appointed a personal information manager who is responsible for managing personal information for the entire company and a personal information handling manager in each division. Suzuki has implemented safety management measures, including those described in Items 1 through 6 below, to prevent leakage, loss, damage, misuse, falsification of, and unauthorized access to, personal information handled by Suzuki and to otherwise manage personal information as necessary and appropriate. We also check to see how personal information is being handled based on regulations, manuals, etc. once a year and report it to the Corporate Governance Committee. We also have a system in place for reporting when personal information is handled inappropriately.

1. Formulate rules and manuals that define how to handle personal information (personal data) when it is acquired, used, stored, provided, deleted, disposed of, etc., as well as managers and persons in charge of handling this information, and their responsibilities

2. Clarify which employees are to handle personal information (personal data) and the scope of the personal information (personal data) they handle, and establish a reporting and communication system for responding if facts or signs of violations of laws, regulations, etc. or handling regulations are discovered

3. Train employees on important points regarding the handling of personal information

4. In areas where personal information (personal data) is handled, take measures to manage employee entry and exit and limit what devices they may carry into these areas, and to prevent unauthorized persons from viewing personal information

5. Implement access control to limit the number of persons in charge and the information databases they handle

6. Implement a system to protect information systems that handle personal information (personal data) from unauthorized external access or malware